我使用的是Key斗篷&Grails 4.0.9.的Spring Security。具有以下依赖项
compile group: 'org.keycloak', name: 'keycloak-spring-security-adapter', version: '12.0.2'
compile "org.springframework.security:spring-security-config:4.2.13.RELEASE"
compile "org.springframework.security:spring-security-web:4.2.13.RELEASE"
当我在html页面上打印出来时,我提交的任何带有特殊字符(即.ä(的表单都会显示为"ɶ"。post参数看起来正确。我还检查了application.yml中的Grails设置(view/gsp/encoding=utf-8(。
我的安全配置如下所示:
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http)
http
.authorizeRequests()
.anyRequest().permitAll()
http.csrf().disable() // disable CSRF since g:forms wouldnt work
}
如果我删除依赖项,表单提交将按预期工作。因此,我认为弹簧安全性存在问题。
PS:我查过了https://github.com/spring-projects/spring-boot/issues/3912-但问题似乎已经解决了。
我从https://stackoverflow.com/a/23051264/2027053它是有效的。因此,我在配置方法中添加了CharacterEncodingFilter:
import org.springframework.web.filter.CharacterEncodingFilter
import org.springframework.security.web.csrf.CsrfFilter
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http)
CharacterEncodingFilter filter = new CharacterEncodingFilter()
filter.setEncoding("UTF-8")
filter.setForceEncoding(true)
http.addFilterBefore(filter,CsrfFilter.class)
}